source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 6157

Last change on this file since 6157 was 6157, checked in by uli, 13 years ago

Zope roles come with a title attribute. Start making use of it and simplify role lookup in w.s.permissions

  • Property svn:eol-style set to native
1import grok
2from zope.component import getUtilitiesFor
3from zope.interface import Interface
4from zope.securitypolicy.interfaces import IRole
5from waeup.sirp.interfaces import ILocalRolesAssignable
6
class Public(grok.Permission):
    """Permission for things that everyone is meant to use or read.

    Apply it to objects, views, pages etc. that have to stay reachable
    for every user. It exists so that the default permissions can be
    made more restrictive while a few dedicated objects, such as the
    front page, are opened up explicitly.

    Every role defined in this module grants this permission.
    """
    grok.name("waeup.Public")

class Anonymous(grok.Permission):
    """Permission meant for anonymous visitors only.

    No role defined in this module grants it.
    """
    grok.name("waeup.Anonymous")

class ViewPermission(grok.Permission):
    """Permission registered under the id ``waeup.View``.

    Granted by every role defined in this module.
    """
    grok.name("waeup.View")

class ManageUniversity(grok.Permission):
    """Permission registered under the id ``waeup.manageUniversity``.

    In this module it is granted by the local role
    ``waeup.local.DepartmentOfficer`` and by the global role
    ``waeup.PortalManager``.
    """
    grok.name("waeup.manageUniversity")

class ManageUsers(grok.Permission):
    """Permission registered under the id ``waeup.manageUsers``.

    In this module only ``waeup.PortalManager`` grants it.
    """
    grok.name("waeup.manageUsers")

class ManageDataCenter(grok.Permission):
    """Permission registered under the id ``waeup.manageDataCenter``.

    In this module only ``waeup.PortalManager`` grants it.
    """
    grok.name("waeup.manageDataCenter")

class ManagePortalSettings(grok.Permission):
    """Permission registered under the id ``waeup.managePortalSettings``.

    In this module only ``waeup.PortalManager`` grants it.
    """
    grok.name("waeup.managePortalSettings")

class ViewStudents(grok.Permission):
    """Permission registered under the id ``waeup.viewStudents``.

    NOTE(review): no role defined in this module grants it, not even
    ``waeup.PortalManager``. Presumably it is granted elsewhere;
    confirm, otherwise only principals holding it directly can pass
    checks against it.
    """
    grok.name("waeup.viewStudents")

# Local Roles
class DepartmentOfficer(grok.Role):
    """Local role for officers of a department.

    The ``waeup.local.`` prefix of the name is what
    :func:`getWAeUPRoles` uses to tell local roles from global ones.

    Besides viewing rights, the role carries
    ``waeup.manageUniversity``, the same permission the global
    ``waeup.PortalManager`` role holds.
    NOTE(review): presumably the grant is limited to the object the
    role is assigned on; confirm against the code that assigns it.
    """
    grok.name("waeup.local.DepartmentOfficer")
    grok.permissions(
        "waeup.manageUniversity",
        "waeup.View",
        "waeup.Public",
    )

# Global Roles
class PortalUser(grok.Role):
    """Global role carrying only the viewing permissions.

    It grants ``waeup.View`` and ``waeup.Public`` and none of the
    ``waeup.manage*`` permissions.
    """
    grok.name("waeup.PortalUser")
    grok.permissions(
        "waeup.View",
        "waeup.Public",
    )

class PortalManager(grok.Role):
    """Global role that bundles the management permissions.

    It grants every ``waeup.manage*`` permission declared in this
    module, plus ``waeup.View`` and ``waeup.Public``. It does not
    grant ``waeup.viewStudents`` or ``waeup.Anonymous``.

    NOTE(review): ``waeup.manageACBatches`` is not declared in this
    module; presumably another module registers it. Confirm that it
    does, so that this grant refers to an existing permission id.
    """
    grok.name("waeup.PortalManager")
    grok.permissions(
        "waeup.manageUniversity",
        "waeup.manageUsers",
        "waeup.View",
        "waeup.Public",
        "waeup.manageACBatches",
        "waeup.manageDataCenter",
        "waeup.managePortalSettings",
    )

def getRoles():
    """Return the ``(<ROLE-NAME>, <ROLE>)`` pairs of all registered roles.

    The result is whatever :func:`getUtilitiesFor` delivers for
    `IRole`: an iterable of pairs, not necessarily a list. Callers
    that need ``len()``, indexing or a second pass should wrap it in
    ``list()``.
    """
    registered_roles = getUtilitiesFor(IRole)
    return registered_roles

def getWAeUPRoles(also_local=False):
    """Yield all WAeUP roles.

    A role counts as a WAeUP role when the name it is registered
    under starts with ``waeup.``. This is a naming convention only:
    any registered role with such a name is returned, whichever
    package defined it.

    Local WAeUP roles are those whose name starts with
    ``waeup.local.`` (also a convention). They are skipped unless
    `also_local` is ``True`` (default: ``False``).

    NOTE(review): the prefix test is applied to the registration name
    delivered by :func:`getRoles`, not to the ``id`` attribute of the
    role. Presumably both are identical for roles registered through
    grok; confirm.

    Returns a generator of the found role objects.
    """
    for role_name, role in getRoles():
        is_waeup = role_name.startswith('waeup.')
        is_local = role_name.startswith('waeup.local.')
        if is_waeup and (also_local or not is_local):
            yield role

def getWAeUPRoleNames():
    """Return the sorted ids of all global WAeUP roles.

    See :func:`getWAeUPRoles` for what a 'WAeUPRole' is. That function
    is called with its default arguments, so local roles
    (``waeup.local.*``) are not part of the result.
    """
    role_ids = (role.id for role in getWAeUPRoles())
    return sorted(role_ids)


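class LocalRolesAssignable(grok.Adapter):
    """Default implementation for `ILocalRolesAssignable`.

    This adapter returns a list of dictionaries for objects for which
    we want to know the roles assignable to them locally.

    The returned dicts contain a ``name`` and a ``title`` entry which
    give a role (``name``) and a description, for which kind of users
    the role is meant to be used (``title``).

    Having this adapter registered we make sure that for each normal
    object we get a valid `ILocalRolesAssignable` adapter.

    Objects that want to offer certain local roles can do so by
    setting a (preferably class-) attribute ``local_roles`` to a list
    of dictionaries.

    The declared list decides which local roles may be handed out on
    an object, so the adapter works on a private copy of it. Callers
    that modify the result of :meth:`__call__` therefore cannot change
    what is assignable on other objects of the same class.

    You can also define different adapters for different contexts to
    have different role lookup mechanisms become available. But in
    normal cases it should be sufficient to use this basic adapter.
    """
    grok.context(Interface)
    grok.provides(ILocalRolesAssignable)

    # Fallback for contexts without a ``local_roles`` attribute.
    # Immutable, because it is shared by all instances.
    _roles = ()

    def __init__(self, context):
        """Remember `context` and take a copy of its role declaration.

        A missing or empty ``local_roles`` attribute results in an
        empty list of assignable roles.
        """
        self.context = context
        declared = getattr(context, 'local_roles', self._roles) or ()
        # ``local_roles`` is typically a class attribute shared by all
        # instances of the context class. Copy the list and each entry
        # so that nothing returned from this adapter aliases it.
        self._roles = [dict(entry) for entry in declared]

    def __call__(self):
        """Get a list of dictionaries containing a ``name`` (the role to
        assign) and a ``title`` (some description of the type of user
        to assign the role to).

        The list belongs to this adapter instance. Changing it does
        not alter the declaration on the context.
        """
        return self._roles

    def roles(self):
        """Return a list of names of roles assignable to the context
        object.
        """
        return [entry['name'] for entry in self._roles]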